CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

451 matches found

OSV•added 2024/07/29 3:15 p.m.•0 views

UBUNTU-CVE-2024-41033

In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat is flushing stats, which can sleep, in its RCU read section see 1. This is done in the workingsettestrecent step which checks if the folio's eviction is...

5.5CVSS5.7AI score0.00018EPSS

Exploits0References15

RedHat Linux•added 2024/07/17 1:6 a.m.•3 views

kernel: blk-cgroup: fix list corruption from resetting io stat

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 "blk-cgroup: Optimize blkcgrstatflush", each iostat instance is added to blkcg percpu list, so blkcgresetstats can't reset the stat instance by...

5.5CVSS6.8AI score0.00026EPSS

Exploits0References5

OSV•added 2024/07/17 12:0 a.m.•17 views

ALSA-2024:4583 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...

9.8CVSS8.5AI score0.00343EPSS

Exploits1References36

OSV•added 2024/07/12 1:15 p.m.•1 views

DEBIAN-CVE-2024-40977

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery e.g. chip reset, there is a possible situation that kernel worker resetwork is holding the lock and waiting for kernel thread statworker to b...

5.5CVSS5.9AI score0.00019EPSS

Exploits0References1

OSV•added 2024/07/12 1:15 p.m.•1 views

UBUNTU-CVE-2024-40977

5.5CVSS6.3AI score0.00019EPSS

Exploits0References14

OSV•added 2024/07/12 11:8 a.m.•4 views

OESA-2024-1830 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not...

9.1CVSS7.5AI score0.93858EPSS

Exploits1References3

SUSE CVE•added 2024/07/10 3:36 a.m.•1 views

SUSE CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.8CVSS8.3AI score0.00212EPSS

Exploits0References6

OSV•added 2024/07/10 2:15 a.m.•1 views

AZL-43213 CVE-2024-22018 affecting package nodejs 20.14.0-13

2.9CVSS6.8AI score0.00212EPSS

Exploits0References1

OSV•added 2024/07/10 2:15 a.m.•1 views

DEBIAN-CVE-2024-22018

2.9CVSS6.1AI score0.00212EPSS

Exploits0References1

NVD•added 2024/07/01 7:15 p.m.•101 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS0.93858EPSS

Exploits1References7

OSV•added 2024/07/01 7:15 p.m.•1 views

UBUNTU-CVE-2024-38475

9.1CVSS7.4AI score0.93858EPSS

Exploits1References8

RedhatCVE•added 2024/06/25 1:52 p.m.•21 views

CVE-2024-38663

4.4CVSS7AI score0.00026EPSS

Exploits0References4

UbuntuCve•added 2024/06/24 2:15 p.m.•15 views

CVE-2024-38663

5.5CVSS6.4AI score0.00026EPSS

Exploits0References12

OSV•added 2024/06/24 2:15 p.m.•0 views

UBUNTU-CVE-2024-38663

5.5CVSS6.1AI score0.00026EPSS

Exploits0References13

OSV•added 2024/06/24 1:50 p.m.•14 views

CVE-2024-38663 blk-cgroup: fix list corruption from resetting io stat

5.5CVSS6AI score0.00026EPSS

Exploits0References6

CVE•added 2024/06/24 1:50 p.m.•94 views

CVE-2024-38663

CVE-2024-38663 (Linux kernel) affects the blk-cgroup iostat/stat reset path. After commit 3b8cc6298724, each iostat instance is added to the blkcg per-CPU list, so blkcg_reset_stats() can’t reset the stat instance by memset(), risking list corruption. The fix is to reset only the counter portion,...

5.5CVSS6.7AI score0.00026EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2024/06/22 3:35 a.m.•1 views

SUSE CVE-2024-38569

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisipcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writing...

6.1CVSS6.4AI score0.0003EPSS

Exploits0References10

Vulnrichment•added 2024/06/19 1:35 p.m.•18 views

CVE-2024-38569 drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group

6.9AI score0.0003EPSS

Exploits0References5

SUSE CVE•added 2024/04/09 2:29 a.m.•1 views

SUSE CVE-2024-26686

In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: use sig-statslock to gather the threads/children stats locktasksighand can trigger a hard lockup. If NRCPUS threads call dotaskstat at the same time and the process has NRTHREADS, it will spin with irqs...

5.5CVSS6.8AI score0.0001EPSS

Exploits0References3

OSV•added 2024/04/03 3:15 p.m.•0 views

DEBIAN-CVE-2024-26686

5.5CVSS5.6AI score0.0001EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by